Source Documentation Best Practices for CRCs: The Complete ALCOA+ Guide

Every piece of data in a clinical trial rests on a foundation of source documents. When an FDA investigator arrives for a BIMO inspection, one of their primary activities is tracing CRF data entries back to their corresponding source records — entry by entry, participant by participant. Source documentation quality is not a peripheral compliance concern; it is the evidentiary basis on which the entire data package submitted to the FDA in a marketing application is evaluated. If the data cannot be traced to credible, complete source records, the trial's data cannot be trusted, and the application built on it is at risk.

For Clinical Research Coordinators, source documentation is not something that happens at the end of a visit or when a monitor comes. It is a continuous practice that begins when a participant first contacts the site and continues through final archival. This guide covers the regulatory foundation, the ALCOA+ quality standards, what counts as a source document, electronic and EHR-based sources, the difference between SDV and SDR monitoring approaches, correct error correction, retention requirements, and the BIMO inspection findings that appear most consistently.

The Regulatory Foundation

Source documentation requirements in FDA-regulated clinical trials are grounded in 21 CFR 312.62 — Investigator Recordkeeping and Record Retention. This regulation requires clinical investigators to prepare and maintain adequate and accurate case histories that record all observations and other data pertinent to the investigation on each individual administered the investigational drug or used as a control. The regulation specifies that these records include case report forms and supporting data, including laboratory data, ECGs, x-rays, and any other clinical records.

The FDA's guidance on Computerized Systems Used in Clinical Trials, the foundational FDA document on data quality requirements, established the principle that FDA's acceptance of data from clinical trials depends on its ability to verify the quality and integrity of that data. The guidance states that data should be attributable, original, accurate, contemporaneous, and legible — the core elements that became formalized as the ALCOA framework.

The ICH E6(R3) guideline, finalized January 2025, introduces a dedicated Data Governance section, new to GCP, that explicitly addresses source data in modern clinical trials, including data originating from electronic health records, digital health technologies, and patient-reported outcomes. E6(R3)'s media-neutral framework recognizes that source data can originate in any format, with validation and verification requirements proportionate to the risk that format presents to data integrity.

What Source Data Is — and Why the Definition Matters

ICH E6(R3) defines source data as all information in original records and certified copies of original records of clinical findings, observations, or other activities in a clinical trial necessary for the reconstruction and evaluation of the trial. Source documents are the media on which source data are recorded, whether paper, electronic, or any other format.

The phrase "necessary for the reconstruction and evaluation of the trial" is operationally important. It means source documentation must be sufficient for an external reviewer, an FDA inspector, a sponsor monitor, an internal auditor, to reconstruct what happened to each participant, verify that protocol procedures were followed, and confirm that CRF data accurately reflects the underlying observations. A source record that cannot support that reconstruction is an inadequate source record, regardless of how neatly it is filed.

This definition also implies that the source record must exist before the data it supports is entered into the CRF. A CRF entry that has no source document to support it is unverifiable. The order matters: observe, record in source contemporaneously, then transcribe to the CRF.

ALCOA+ Principles: The Quality Standard for Every Entry

The FDA's data quality standard, formalized across multiple guidance documents and adopted into ICH E6(R3), is captured in the ALCOA+ framework. Every source document entry must satisfy these qualities. When BIMO inspectors review source records, they are specifically evaluating each of these attributes.

The "+" in ALCOA+ adds five additional quality attributes recognized in ICH E6(R3) and FDA guidance:

• Complete: All required data elements are present, or missing data is explained and documented
• Consistent: Data is consistent across related documents, the lab value in the source matches the CRF, the date of the visit in the medical record matches the visit note
• Enduring: Records are maintained in a medium that preserves their integrity for the required retention period
• Available: Records are accessible for authorized review, inspection, and audit throughout the retention period
• Traceable: The full history of data changes can be reconstructed from the audit trail, from original entry through any corrections or amendments

What Counts as a Source Document

The range of documents that constitute source records in a clinical trial is broader than many CRCs initially expect. Any record that represents the first capture of a clinical observation, measurement, or activity is a source document. This includes:

• Medical records and physician notes from the participant's treating providers
• Laboratory reports, the actual report or system record, not just the transcribed values
• ECG tracings with participant identifier, date, and time stamp
• Radiology reports and imaging studies
• Signed and dated informed consent forms
• Drug dispensation and accountability logs
• IP storage temperature logs
• Participant diaries and questionnaires, the original completed form, not a summary
• CRC visit notes documenting protocol procedures performed
• Delegation of authority log entries
• IRB correspondence and approval letters

A common and consequential misconception is that the Case Report Form (CRF) is itself a source document. In most studies, the CRF is a transcription of source data, not the original source. The CRF records what was observed, but the observation itself, and the record of it, is the source. The exception is the "direct entry" scenario in electronic data capture systems, where data is entered directly into the EDC without a prior paper or electronic record. In that case, the EDC entry may be designated the source, but this must be explicitly defined in the protocol or a study-specific source data agreement.

CRF vs. Source: The Critical Distinction

The source-to-CRF relationship is one of the most important concepts in clinical trial data management, and one of the most frequently misunderstood. The distinction matters because monitors perform source data verification (SDV) by comparing CRF entries to source records, and any discrepancy between them is a monitoring finding that generates a data query and may require a protocol deviation report.

The chain must be: observation occurs → recorded in source contemporaneously → transcribed to CRF → CRF entry verified against source by monitor. If any link is broken, if the CRF contains data not supported by a source record, if the source record was created after the CRF entry, or if the two records are inconsistent, the data's integrity is in question.

For CRCs, maintaining this chain in practice means resisting the temptation to enter CRF data first "to keep up" and document source later. The source record must precede or be contemporaneous with the CRF entry. Late source documentation that appears to have been created to match CRF data that was already entered is one of the findings that most concerns BIMO inspectors, because it raises the question of whether the data reflects actual observations or is being reconstructed to match an expected result.

Electronic Source Data

The FDA's guidance on Electronic Source Data in Clinical Investigations (September 2013) addressed the growing reality that clinical trial data is increasingly first captured in electronic form — EDC systems, electronic patient-reported outcome platforms, laboratory information management systems, and other digital tools. This guidance established that electronic source data is fully acceptable and, in many contexts, preferable to paper source data — provided that the same ALCOA+ quality principles apply.

For electronic source data, the key requirements include: each data entry must be attributable to an identified individual (no shared logins); the system must maintain a complete audit trail that records who entered or changed what, when, and, for changes, the reason; the audit trail must be retained for the same period as the underlying data; and the system must be validated to ensure it reliably produces accurate, reproducible results.

The FDA's guidance on Computerized Systems Used in Clinical Trials specifies that audit trails must be retained for at least as long as the study records themselves, must be available for FDA review and copying, and must be created in a manner that does not allow new audit trail information to overwrite existing data. Personnel who create, modify, or delete electronic records must not be able to modify the audit trails themselves.

Electronic Health Records as Source Documents

The FDA's guidance on Use of Electronic Health Record Data in Clinical Investigations addresses the specific considerations that arise when clinical trial source data originates in or is accessed through the participant's institutional EHR system rather than a dedicated clinical trial data system.

Using EHR data as source is acceptable and increasingly common, particularly for data elements that are captured as part of routine clinical care, such as vital signs, laboratory results from standard-of-care testing, and medication histories. However, using EHR data as source requires careful attention to several operational requirements:

• Authorization and access: The clinical trial must have appropriate authorization to access and use the relevant EHR data for research purposes, consistent with the participant's consent and applicable privacy regulations
• Sponsor audit access: If EHR data is designated as source, the sponsor and FDA must have a pathway to access and review the relevant records for audit and inspection purposes. This typically requires the site to ensure sponsor monitors can access the relevant EHR sections during monitoring visits
• Data integrity verification: When EHR data is automatically populated into an EDC system (interoperability), the accuracy of the transfer must be verified. The FDA guidance notes that interoperability between EHR and EDC systems may reduce transcription errors but introduces its own validation and unblinding risk considerations
• Certified copies: When original EHR records cannot be directly accessed by monitors or inspectors, certified copies — verified reproductions of the original that contain the same information — must be available

SDV vs. SDR: What Monitoring Looks Like Under E6(R3)

Source Data Verification (SDV) refers to the process of comparing CRF data entries against source records — confirming that what the CRF says matches what the source document shows. Traditional 100% SDV means verifying every data point in the CRF against source. Under the risk-based monitoring approach formalized in ICH E6(R3), targeted SDV focuses verification efforts on data elements identified as Critical to Quality (CtQ) — those essential to participant safety and the trial's primary endpoints, rather than applying uniform 100% review to all data points.

Source Data Review (SDR) is broader — it involves reviewing source records directly, without necessarily cross-referencing each entry against the CRF, to assess the overall quality and completeness of source documentation at a site. SDR may include reviewing medical records for unreported adverse events, verifying that study procedures were actually performed as documented, and assessing whether consent was appropriately obtained and documented.

For CRCs, the practical implication of the shift toward risk-based monitoring is that source documentation quality on CtQ data elements matters more than ever. Under 100% SDV, every discrepancy is caught and queried. Under targeted monitoring, the discrepancies that get caught and queried are concentrated in the data elements that matter most for the trial's regulatory submission. Source documentation quality on those elements directly affects data package integrity.

Visit Note Standards: What Every Study Visit Note Must Contain

The visit note, the contemporaneous record of what occurred at each protocol-specified contact with a participant — is among the most scrutinized source documents during monitoring and inspection. A complete visit note must document:

• The date and time of the contact (visit, phone call, or remote assessment)
• Who was present or participating (CRC name, PI where required, participant, any other study staff)
• All protocol-required procedures performed, what was done, by whom, and the result or outcome of each procedure
• Any protocol-required procedures that were not performed, and the documented reason why (illness, participant refusal, equipment failure, etc.)
• Any adverse events or new medical information reported by the participant
• Any changes in concomitant medications
• IP dispensation details where applicable
• The PI's involvement and assessment where protocol requires investigator participation
• Signature and date of the person creating the note

The visit note does not need to be long. What it must be is complete, covering every element listed above, and contemporaneous. A thorough visit note written the same day is far more valuable than a detailed narrative written a week later, because the contemporaneous note is a direct record of what occurred, not a reconstruction from memory.

Correct Error Correction: Paper and Electronic

Errors in source documents are inevitable. What distinguishes compliant source documentation from non-compliant documentation is not the absence of errors: it is how errors are handled when they occur.

Paper Records

The correct method for correcting an entry in a paper source document has three required elements: a single horizontal line through the incorrect entry (leaving the original legible), your initials and the date of the correction directly adjacent to the correction, and a brief reason for the change where space permits. Nothing else should be done. Using white-out, correction tape, or any other method that obscures the original entry is a regulatory violation — it destroys the original record and is treated as an indicator of potential data manipulation by BIMO inspectors.

Electronic Records

Electronic systems used in clinical trials must maintain a complete audit trail of all data changes, who changed what, when, and why. When you correct an electronic source record entry, the system should log your user identity, the date and time of the change, the original value, the new value, and your reason for the change. You should never attempt to work around an audit trail or request that IT staff modify historical records. The audit trail is itself a regulatory record and must be preserved intact.

Retention Requirements

Under 21 CFR 312.62(c), clinical investigators must retain records for at least two years after the date a marketing application is approved for the drug for the indication studied; or, if no application is filed or not approved, until at least two years after the investigation is discontinued and the FDA is notified.

In practice, these minimum regulatory retention periods are routinely extended by sponsor requirements. Pharmaceutical sponsors typically specify retention periods of 15 to 25 years in their clinical trial agreements, well beyond the regulatory minimum, to protect their ability to respond to FDA inquiries, litigation, and post-marketing safety reviews. Always follow the longer of the regulatory minimum and your sponsor's specified retention period.

Critically: never destroy study records without written authorization from the sponsor and confirmation that all applicable retention requirements have been met. Premature destruction of source documents, even accidentally — can trigger an FDA inspection finding and may render a drug application unsupportable.

Backdating: Research Misconduct and Federal Crime

Creating or altering a document to make it appear to have been created at a different time than it actually was, backdating, is not a documentation error. It is research fraud and a federal crime under 18 U.S.C. § 1001, which prohibits knowingly and willfully making false statements in matters within the jurisdiction of the executive branch of the United States government. FDA-regulated clinical research falls squarely within that jurisdiction.

Backdating includes writing a visit note for a visit that occurred last week and dating it as though it were written the same day, without indicating it is a late entry. It includes signing a consent form with yesterday's date when the consent conversation actually happened today. It includes entering a laboratory value into a paper CRF with a date earlier than the date the result was actually received.

Late entries are not prohibited. They are legitimate when clearly labeled as such, with the actual date of entry documented. The requirement is accuracy, not impossibility. If something was not documented at the time it should have been, the compliant response is to document it now, clearly label it as a late entry, note the actual date of the observation (separate from the actual date of the documentation), and explain why it was not documented contemporaneously.

If you are ever asked by a supervisor, investigator, or any other person to backdate a document, sign a form with a different date than today's date, or alter the appearance of a record — refuse immediately and report the request to your institution's research compliance office or IRB. You are protected from retaliation under federal whistleblower provisions when reporting research misconduct in good faith.

BIMO Inspection Findings: What Inspectors Find Most Frequently

The FDA's BIMO inspection metrics document the most frequent findings from clinical investigator inspections. Source documentation deficiencies appear consistently among the top findings year after year. The most common specific findings include:

• Inadequate or incomplete records: Source records that do not document all required study procedures, or that lack required elements such as dates, signatures, or clinical assessments
• Source-to-CRF discrepancies: CRF entries that do not match the source document — different values, different dates, different clinical descriptions. These are among the most common data queries generated during monitoring visits
• Obliterated entries: Source corrections made using white-out or other methods that destroy the original entry rather than preserving it with a compliant correction
• Late entry documentation failures: Entries made after the fact that are not labeled as late entries, creating the false impression of contemporaneous documentation
• Inadequate audit trails: Electronic systems where audit trail functionality is incomplete, disabled, or where users have shared login credentials that prevent individual attribution
• Failure to retain records: Records that were disposed of before applicable retention periods expired, or that cannot be located when requested during inspection

Every one of these findings is preventable through the consistent application of the principles in this guide. The BIMO inspection findings are not surprises — they map directly to the ALCOA+ quality attributes and the regulatory requirements in 21 CFR 312.62. The sites that consistently perform well on inspections are not sites with perfect documentation. They are sites where documentation practices are systematic, habitual, and well-understood by every member of the team.